checkpoint r54 安装过程中各个组件的关系及方法

jackblan · 发表于 2004-9-17 10:53:46

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。

您需要登录才可以下载或查看，没有账号？注册

×

In This SectionInstalling and Configuring VPN-1/FireWall-1 Installing the SmartConsole Install the following components:VPN-1/FireWall-1 - install the components (SmartCenter Server, Enforcement module, Log Server) that will manage or enforce the Security Policy. SmartConsole - install a SmartConsole to manage different aspects of VPN-1/FireWall-1. For instance, SmartDashboard is used by the system administrator to manage and create the Security Policy. Any number of SmartConsole can be installed on the same machine.The VPN-1/FireWall-1 installation process unwinds gradually. Without the user realizing it, several features are installed automatically, such as:the default filter which protects the machine until a Security Policy is defined, as well as the SVN Foundation which is the technological backbone common to all VPN-1/FireWall-1 componentsInstalling and Configuring VPN-1/FireWall-11 Run the Wrapper.2 Accept the End-Users License Agreement (EULA).3 Select the type of deployment (whether standalone or distributed) and select the Check Point product VPN-1/FireWall-1.4 If you chose a standalone deployment, the Enforcement module and the SmartCenter Server are installed together. If you chose a distributed deployment, you must install each separate component on the relevant machine. The SmartCenter Server must always be installed before the Enforcement module. A Log Server can be installed on the same machine as the SmartCenter Server, or it can be installed on another machine. 5 If you are using the Check Point Management High Availability feature, select one of the following:Primary SmartCenterSecondary SmartCenterIf you are not using the Check Point Management High Availability feature, the SmartCenter Server is by default considered to be the Primary Management. If you are using Management High Availability, the next SmartCenter Server defined must be defined as the Secondary Management, which will take over from the Primary Management if the Primary Management fails. 6 Confirm the default directory, or browse to a directory in which you would like to install VPN-1/FireWall-1.7 Configure the VPN-1/FireWall-1 component using the Check Point Configuration tool. See Check Point Configuration Tool for more information.8 After the Check Point Configuration tool has completed, the VPN-1/FireWall-1 installation process is complete. You must then reboot the computer.Check Point Configuration ToolThe Configuration Tool is used to configure the VPN-1/FireWall-1 components. It runs automatically during a new installation or an upgrade of an existing installation. It can be run at a later time to reconfigure already installed products. To start the Check Point Configuration Tool, enter cpconfig at the command prompt, or in Windows, Start>Programs>SmartConsole >Check Point Configuration NG.The Configuration Tool consists of several pages whose settings must be configured in order to complete the VPN-1/FireWall-1 installation. The windows that are displayed depend on the Check Point component installed, and include:Licenses - create a license in the Check Point License Center (User Center: http://www.checkpoint.com/usercenter) and add it to this page. For more information about licenses, see Check Point Licenses.Administrators - create an administrator with permission to access the SmartCenter Server using the SmartConsole. The availability of permissions depends on the installed products. For information about administrators, see Administrators and the Login Procedure.GUI Clients - configure this window in order to login remotely to a SmartConsole. Add the details of a Remote Host. The Administrator will be allowed to login from the specified machine.Key Hit Session - enter random key strokes in order to create a text string which will be used for various cryptographic purposes. Once the bar is full, the session is complete.Certificate Authority - to enable secure communication between the SmartCenter Server and its modules, you must initialize and start the Internal Certificate Authority (ICA). The ICA name should be a resolvable name in the format hostname.domain, for example, host.checkpoint.com. It is essential that this name be correct in order for VPN to be able to work. Secure Internal Communication - establish trust between the module and the SmartCenter Server. Trust is established through the use of SIC certificates which are issued and delivered by the ICA to the SmartCenter Server and to the modules. Enter an Activation Key in this window and in the Communication window of the module's object in SmartDashboard. The Activation Key must be identical in both places. For more information about SIC, see Securing Channels of Communication Between Internal Components (SIC).Fingerprint - The Fingerprint is used the first time you login to a SmartConsole in order to verify the identity of the SmartCenter Server. When you login, you will be asked to compare and contrast the displayed fingerprint with this fingerprint in order to verify the identity of the SmartCenter being accessed using SmartConsole. Export the fingerprint shown in this window, so that you can recall it on login.Installing the SmartConsoleThe SmartConsole can be installed standalone or on a SmartCenter Server. If they are installed standalone, they should be defined as Remote Hosts in Check Point Configuration tool on the SmartCenter Server.1 Run the Wrapper.2 Accept the End-Users License Agreement (EULA), if you have a previous installation you must decide whether to override or maintain the existing version.3 Select the directory in which you would like to save the installation.4 Select the SmartConsole that you would like to install. SmartDashboard is used by the system administrator to define and manage the Security Policy. From this SmartConsole you can access many Check Point features and add-ons.SmartView Tracker is used for managing and tracking logs and alerts throughout the system.SmartView Status is used for managing, viewing and testing the status of various Check Point components throughout the system.SmartUpdate is used to manage and maintain a license repository, as well as to facilitate upgrading Check Point software.SecureClient Packaging Tool is used to define user profiles for SecuRemote/SecureClient clients.SmartView Monitor is used to monitor and generate reports on traffic on interfaces, VPN-1/FireWall-1 and QoS modules, as well as on other Check Point System counters.SmartView Reporter is used to generate reports for different aspects of network activity.User Monitor is used for managing SecuRemote users.SmartLSM is used for managing large numbers of ROBO Gateways using SmartCenter Server.5 The installation process runs its course and is completed. You can now start to work with the SmartConsole.

smile787 · 发表于 2004-9-18 14:32:51

用了一天了，开始觉得不是特别难了，和别得也差不了很多，具体得功能还要去发觉一下。。

smile787 · 发表于 2004-9-18 18:55:54

好像5.4的破解和以前的不同了很多，谁有个4。X系列的就可以破解了。谢谢楼上提供4。x的破解！

jackblan · 发表于 2004-9-18 20:00:23

你用4.1版的破解程序把它（5.4）破解了吗？能说说吗？另外我觉得学cp 要有一个总的思路，毕竟入门最难嘛，只要这个思路找到了、入了门，学起来也就快了。另外cp更多的是基于模块化的企业级应用，企业级姑且就不说了，但分布式模块化的特点是最值得我们深入研究的。呵呵，一家之言

smile787 · 发表于 2004-9-18 20:48:28

没有破解5.4，是说谁4。x版本的就已经可以破解使用了！看了一边cp5.4的ADVENTE的DEMO，感觉和平时的防火墙区别不是很到。在DDOS等攻击好像有专门的设置参数做为一个项，这个是个有特色的地方！不知道是否你说的模块化设计的！在防火墙的具体应用规则上，感觉是分析功能大了些，对控制的条件可以自己调整的参数比较多，是不错的设计。用了两个小时把什么功能参数都看一边，感觉这个防火墙也没那么强大。功能都和linux是差不多！如果要学，熟悉它会比较有帮助！我也是第一次接触它，以前一直没装上。如果有解决KEY的办法就好了，就考虑应用做企业防火墙。具体的问题我们再交流！PS，我的只可以使用15天，有问题要快点讨论了哦！不过好像调时间又可以回到可以使用的状态，而不会出错哦！

cloudq · 发表于 2004-9-19 07:37:58

还是没有理解cp的精髓。。。。。关键是我们没有那么大的环境。。。cp的模块化设计思想是非常优秀的。。。而且cp的功能的确是非常强大。尤其是报表，B4志，ids等等好多方面如果单纯比较防火墙过滤规则。。那么会得出一个结论所有的防火墙都一样防火墙技术目前发展的比较成熟了。。。现在就是如何在保证安全（当然不可能绝对的）的情况下如何提高速度。。。。。

smile787 · 发表于 2004-9-19 08:03:01

cp的ids，记录分析功能的确强大，对于提供服务的servervs来做，起到的保护很好。cp的功能暂时了解的还不多，不过更多的看上去还是用再企业防火墙上，好像不怎么需要别的环境，不知道大环境是什么，也是才接触中。。

smile787 · 发表于 2004-9-19 09:34:35

1.2.1. Check Point FireWall-1产品包括以下模块：l 基本模块：ü 状态检测模块（Inspection Module）：提供访问控制、客户机认证、会话认证、地址翻译和审计功能；ü 防火墙模块（FireWall Module）：包含一个状态检测模块，另外提供用户认证、内容安全和多防火墙同步功能；ü 管理模块（Management Module）：对一个或多个安全策略执行点（安装了FireWall-1的某个模块，如状态检测模块、防火墙模块或路由器安全管理模块等的系统）提供集中的、图形化的安全管理功能；l 可选模块ü 连接控制（Connect Control）：为提供相同服务的多个应用服务器提供负载平衡功能；ü 路由器安全管理模块（Router Security Management）：提供通过防火墙管理工作站配置、维护3Com，Cisco，Bay等路由器的安全规则；ü 其它模块，如加密模块等。l 图形用户界面（GUI）：是管理模块功能的体现，包括ü 策略编辑器：维护管理对象、建立安全规则、把安全规则施加到安全策略执行点上去；ü B4志查看器：查看经过防火墙的连接，识别并阻断攻击；ü 系统状态查看器：查看所有被保护对象的状态。

smile787 · 发表于 2004-9-19 09:35:38

比较项目 CHECK POINT FIREWALL-1 CISCO PIX防火墙产品产品类型 Check Point FireWall-1 4.0 Cisco PIX Firewall 520 介质软件防火墙硬件防火墙操作系统 Solaris 2.6 ?? CPU品牌/类型/频率 Sun/UltraSPARC-II/300 MHz Intel/Pentium/ 233 MHz 硬件平台 Sun Ultra II 520技术核心技术完全的状态检测技术 ASA自适应安全算法状态信息从七个层次得到的信息关于数据包的来源和目的的信息访问控制网络层过滤 FTP, HTTP, SMTP HTTP, SMTP 认证方法 RADIUS, TACACS, TACACS+, SecurID, Defender, OS password, S/Key RADIUS, TACACS+, Secure, AXENT, CRYPTOCard, NDS, NT domain,Unix domain 协议认证 All protocols FTP, HTTP, telnet URL过滤支持支持第三方URL过滤支持 WebSense, SurfWatch Finjan, Trend, WorldTalk 内容过滤支持支持第三方病毒扫描产品支持 Trend Micro, Symantec, eSafe, Data Fellows,Integralis MIMEsweeper, Trend 端口转换支持支持网络地址转换支持支持管理远程GUI 支持支持远程GUI可管理防火墙的数量无限制 10个远程GUI和被管理的防火墙的会话加密加密加密，w/optional encryption card 远程GUI平台支持 Solaris, Windows NT, 95, AIX, HP-UX Windows NT 事件经由SNMP Trap提示支持支持事件经由e-mail提示支持支持事件经由自定义的脚本提示支持不支持 B4志/报告计费支持支持 B4志信息排序支持不支持 B4志信息过滤支持支持 B4志文件格式文本格式系统B4志格式 B4志文件输出格式 ASCII 文本 VPN IPSec加密算法支持 DES, Triple DES DES, Triple DES IPSec认证算法支持 MD5, SHA-1, CBC-DES-MAC MD5, SHA-1 IKE支持支持支持其它加密算法支持 RC4-40, FWZ-1, DES-40, CAST, CAST-40 不支持其它认证算法支持不支持 MD5 CA服务器产品支持 Entrust Netscape (Entrust and VeriSign) 性能（100M带宽情况下）延迟时间（单位：秒）不启动NAT 0.0287 0.0234 启动NAT 0.033 0.0234 吞吐率（Mbps）不启动NAT 60 75 启动NAT 45 75 可扩展性系统扩展只需要增加相应的模块即可系统扩展需要更换设备可升级性软件可升级方便、维护简单硬件升级比较复杂互操作性同路由器可管理3Com、Cisco、Bay路由器的安全规则仅可同Cisco路由器进行互操作价格（公开报价）人民币报价 7.4万约15万

账号		自动登录	找回密码
密码			注册